Releases: akkadotnet/Hyperion
Hyperion v0.12.2
0.12.2 March 31 2022
0.12.1 March 23 2022
- Fix disallow-unsafe-type Akka.NET settings and harden unsafe type detection 301
- Bump Akka version from 1.4.34 to 1.4.35
0.12.0 January 12 2022
- Allow explicit control over which types can be deserialized #281
We've expanded our deserialization safety check to block dangerous types from being deserialized; we recommend this method as a best practice to prevent deserialization of untrusted data. You can now create a custom deserialize layer type filter programmatically:
var typeFilter = TypeFilterBuilder.Create()
.Include<AllowedClassA>()
.Include<AllowedClassB>()
.Build();
var options = SerializerOptions.Default
.WithTypeFilter(typeFilter);
var serializer = new Serializer(options);
For complete documentation, please read the readme on filtering types for secure deserialization.
0.11.2 October 7 2021
- Fix exception thrown during deserialization when preserve object reference was turned on
and a surrogate instance was inserted into a collection multiple times. #264 - Add support for AggregateException serialization. #266
0.11.1 August 17 2021
We've added a deserialization safety check to block dangerous types from being deserialized.
This is done to add a layer of security from possible code injection and code execution attack.
Currently it is an all or nothing feature that can be turned on and off by using the new DisallowUnsafeTypes
flag inside SerializerOptions
(defaults to true).
The unsafe types that are currently blocked are:
- System.Security.Claims.ClaimsIdentity
- System.Windows.Forms.AxHost.State
- System.Windows.Data.ObjectDataProvider
- System.Management.Automation.PSObject
- System.Web.Security.RolePrincipal
- System.IdentityModel.Tokens.SessionSecurityToken
- SessionViewStateHistoryItem
- TextFormattingRunProperties
- ToolboxItemContainer
- System.Security.Principal.WindowsClaimsIdentity
- System.Security.Principal.WindowsIdentity
- System.Security.Principal.WindowsPrincipal
- System.CodeDom.Compiler.TempFileCollection
- System.IO.FileSystemInfo
- System.Activities.Presentation.WorkflowDesigner
- System.Windows.ResourceDictionary
- System.Windows.Forms.BindingSource
- Microsoft.Exchange.Management.SystemManager.WinForms.ExchangeSettingsProvider
- System.Diagnostics.Process
- System.Management.IWbemClassObjectFreeThreaded
0.11.0 July 8 2021
- Fix array of user defined structs serialization failure
- Remove dynamic keyword usage from array serializer
- Change field ordering to ordinal
Possible breaking changes
The change to the object serializer field ordering might cause a deserialization failure of persisted objects
that are serialized using the Hyperion serializer.
Please report any serialization problem that occurs after an upgrade to this version at the
issue tracker
0.10.2 June 30 2021
0.10.1 April 20 2021
Changes:
- a7aac07 Merge pull request #308 from Arkatufus/master
- ead5056 Merge branch 'dev'
- 2190f14 Update RELEASE_NOTES.md for 0.12.2 release (#307)
- 3886408 Fix type cache cross pollination (#306)
- f310df6 Convert byte array key to type cache from static to instance bound (#305)
- ea7ef0f Version 0.12.0 release
- d26d24c Merge branch 'dev'
- 10a8b03 0.11.2 Release
- 728edc8 Version 0.11.1 Release
- 63cb41e Merge branch 'dev'
See More
- 1f40195 Version 0.11.0 Release
- cbe964e Merge branch 'dev'
- 071c880 Version 0.10.2 release
- 1c7a6d2 Merge branch 'dev'
- 615d9d1 Merge pull request #216 from akkadotnet/dev
- 7b6f992 Merge pull request #211 from akkadotnet/dev
- 255948e Merge pull request #207 from akkadotnet/dev
- 204e3c6 Merge pull request #179 from akkadotnet/dev
- 0f2044d Merge pull request #168 from akkadotnet/dev
- b6a4f25 Merge pull request #164 from akkadotnet/dev
- 457a5e7 Merge pull request #160 from akkadotnet/dev
- 2cf4598 Merge pull request #154 from akkadotnet/dev
- 326f89f Merge pull request #143 from akkadotnet/dev
- d9a9319 Merge pull request #136 from akkadotnet/dev
- b0075b4 Merge pull request #131 from akkadotnet/dev
- 72d6188 Merge pull request #94 from akkadotnet/dev
- 84eb198 Merge pull request #88 from akkadotnet/dev
- cf20153 Merge pull request #74 from akkadotnet/dev
- ff0a22c Fix nuget publish when symbols aren't required to nuget push (#69) (#70)
- d6f8418 Merge pull request #68 from heynickc/master
This list of changes was auto generated.
Hyperion v0.12.1
0.12.1 March 23 2022
- Fix disallow-unsafe-type Akka.NET settings and harden unsafe type detection 301
- Bump Akka version from 1.4.34 to 1.4.35
0.12.0 January 12 2022
- Allow explicit control over which types can be deserialized #281
We've expanded our deserialization safety check to block dangerous types from being deserialized; we recommend this method as a best practice to prevent deserialization of untrusted data. You can now create a custom deserialize layer type filter programmatically:
var typeFilter = TypeFilterBuilder.Create()
.Include<AllowedClassA>()
.Include<AllowedClassB>()
.Build();
var options = SerializerOptions.Default
.WithTypeFilter(typeFilter);
var serializer = new Serializer(options);
For complete documentation, please read the readme on filtering types for secure deserialization.
0.11.2 October 7 2021
- Fix exception thrown during deserialization when preserve object reference was turned on
and a surrogate instance was inserted into a collection multiple times. #264 - Add support for AggregateException serialization. #266
0.11.1 August 17 2021
We've added a deserialization safety check to block dangerous types from being deserialized.
This is done to add a layer of security from possible code injection and code execution attack.
Currently it is an all or nothing feature that can be turned on and off by using the new DisallowUnsafeTypes
flag inside SerializerOptions
(defaults to true).
The unsafe types that are currently blocked are:
- System.Security.Claims.ClaimsIdentity
- System.Windows.Forms.AxHost.State
- System.Windows.Data.ObjectDataProvider
- System.Management.Automation.PSObject
- System.Web.Security.RolePrincipal
- System.IdentityModel.Tokens.SessionSecurityToken
- SessionViewStateHistoryItem
- TextFormattingRunProperties
- ToolboxItemContainer
- System.Security.Principal.WindowsClaimsIdentity
- System.Security.Principal.WindowsIdentity
- System.Security.Principal.WindowsPrincipal
- System.CodeDom.Compiler.TempFileCollection
- System.IO.FileSystemInfo
- System.Activities.Presentation.WorkflowDesigner
- System.Windows.ResourceDictionary
- System.Windows.Forms.BindingSource
- Microsoft.Exchange.Management.SystemManager.WinForms.ExchangeSettingsProvider
- System.Diagnostics.Process
- System.Management.IWbemClassObjectFreeThreaded
0.11.0 July 8 2021
- Fix array of user defined structs serialization failure
- Remove dynamic keyword usage from array serializer
- Change field ordering to ordinal
Possible breaking changes
The change to the object serializer field ordering might cause a deserialization failure of persisted objects
that are serialized using the Hyperion serializer.
Please report any serialization problem that occurs after an upgrade to this version at the
issue tracker
0.10.2 June 30 2021
0.10.1 April 20 2021
Changes:
- 28d3c58 Version 0.12.1 release (#302)
- af18916 Bump Microsoft.NET.Test.Sdk from 17.0.0 to 17.1.0 (#297)
- be6f95a Bump AkkaVersion from 1.4.34 to 1.4.35 (#300)
- 82f3347 Fix disallow-unsafe-type Akka.NET settings and harden unsafe type detection (#301)
- 6486308 Bump FluentAssertions from 6.3.0 to 6.5.1 (#295)
- 15e2fd9 Bump ApprovalTests from 5.7.1 to 5.7.2 (#298)
- a2a9563 Bump AkkaVersion from 1.4.33 to 1.4.34 (#299)
- 2f2dd11 Bump FSharp.Core from 6.0.1 to 6.0.3 (#292)
- 7d4b320 Bump coverlet.collector from 3.1.0 to 3.1.2 (#293)
- 6317c96 Bump AkkaVersion from 1.4.31 to 1.4.33 (#296)
This list of changes was auto generated.
Hyperion v0.12.0
0.12.0 January 12 2022
- Allow explicit control over which types can be deserialized #281
We've expanded our deserialization safety check to block dangerous types from being deserialized; we recommend this method as a best practice to prevent deserialization of untrusted data. You can now create a custom deserialize layer type filter programmatically:
var typeFilter = TypeFilterBuilder.Create()
.Include<AllowedClassA>()
.Include<AllowedClassB>()
.Build();
var options = SerializerOptions.Default
.WithTypeFilter(typeFilter);
var serializer = new Serializer(options);
For complete documentation, please read the readme on filtering types for secure deserialization.
0.11.2 October 7 2021
- Fix exception thrown during deserialization when preserve object reference was turned on
and a surrogate instance was inserted into a collection multiple times. #264 - Add support for AggregateException serialization. #266
0.11.1 August 17 2021
We've added a deserialization safety check to block dangerous types from being deserialized.
This is done to add a layer of security from possible code injection and code execution attack.
Currently it is an all or nothing feature that can be turned on and off by using the new DisallowUnsafeTypes
flag inside SerializerOptions
(defaults to true).
The unsafe types that are currently blocked are:
- System.Security.Claims.ClaimsIdentity
- System.Windows.Forms.AxHost.State
- System.Windows.Data.ObjectDataProvider
- System.Management.Automation.PSObject
- System.Web.Security.RolePrincipal
- System.IdentityModel.Tokens.SessionSecurityToken
- SessionViewStateHistoryItem
- TextFormattingRunProperties
- ToolboxItemContainer
- System.Security.Principal.WindowsClaimsIdentity
- System.Security.Principal.WindowsIdentity
- System.Security.Principal.WindowsPrincipal
- System.CodeDom.Compiler.TempFileCollection
- System.IO.FileSystemInfo
- System.Activities.Presentation.WorkflowDesigner
- System.Windows.ResourceDictionary
- System.Windows.Forms.BindingSource
- Microsoft.Exchange.Management.SystemManager.WinForms.ExchangeSettingsProvider
- System.Diagnostics.Process
- System.Management.IWbemClassObjectFreeThreaded
0.11.0 July 8 2021
- Fix array of user defined structs serialization failure
- Remove dynamic keyword usage from array serializer
- Change field ordering to ordinal
Possible breaking changes
The change to the object serializer field ordering might cause a deserialization failure of persisted objects
that are serialized using the Hyperion serializer.
Please report any serialization problem that occurs after an upgrade to this version at the
issue tracker
0.10.2 June 30 2021
0.10.1 April 20 2021
Changes:
- ea7ef0f Version 0.12.0 release
- d26d24c Merge branch 'dev'
- 87ad62d Add TypeFilter enabled benchmark (#283)
- d8c7ea1 Improve EvilDeserializationException message (#284)
- 3c7a701 Update RELEASE_NOTES.md for 0.11.3 release (#285)
- 0feacb1 Bump FluentAssertions from 6.2.0 to 6.3.0 (#280)
- 122f5af Add type filtering feature (#281)
- 7a78155 Fix SerializeStructBenchmark, Serializer not initialized (#282)
- 4ecbb05 Bump AkkaVersion from 1.4.29 to 1.4.31 (#279)
- 1296c6d Bump AkkaVersion from 1.4.27 to 1.4.29 (#278)
See More
- 35c3b9e Bump FSharp.Core from 6.0.0 to 6.0.1 (#274)
- 2ad62a2 Bump Microsoft.NET.Test.Sdk from 16.11.0 to 17.0.0 (#273)
- 6bd4be8 Bump FluentAssertions from 6.1.0 to 6.2.0 (#272)
- d8124f0 Bump AkkaVersion from 1.4.26 to 1.4.27 (#271)
- 52ec792 Use IOException instead of FileLoadException to handle #269 where an FileNotFoundExeption is thrown. (#270)
This list of changes was auto generated.
Hyperion v0.11.2
0.11.2 October 7 2021
- Fix exception thrown during deserialization when preserve object reference was turned on
and a surrogate instance was inserted into a collection multiple times. #264 - Add support for AggregateException serialization. #266
0.11.1 August 17 2021
We've added a deserialization safety check to block dangerous types from being deserialized.
This is done to add a layer of security from possible code injection and code execution attack.
Currently it is an all or nothing feature that can be turned on and off by using the new DisallowUnsafeTypes
flag inside SerializerOptions
(defaults to true).
The unsafe types that are currently blocked are:
- System.Security.Claims.ClaimsIdentity
- System.Windows.Forms.AxHost.State
- System.Windows.Data.ObjectDataProvider
- System.Management.Automation.PSObject
- System.Web.Security.RolePrincipal
- System.IdentityModel.Tokens.SessionSecurityToken
- SessionViewStateHistoryItem
- TextFormattingRunProperties
- ToolboxItemContainer
- System.Security.Principal.WindowsClaimsIdentity
- System.Security.Principal.WindowsIdentity
- System.Security.Principal.WindowsPrincipal
- System.CodeDom.Compiler.TempFileCollection
- System.IO.FileSystemInfo
- System.Activities.Presentation.WorkflowDesigner
- System.Windows.ResourceDictionary
- System.Windows.Forms.BindingSource
- Microsoft.Exchange.Management.SystemManager.WinForms.ExchangeSettingsProvider
- System.Diagnostics.Process
- System.Management.IWbemClassObjectFreeThreaded
0.11.0 July 8 2021
- Fix array of user defined structs serialization failure
- Remove dynamic keyword usage from array serializer
- Change field ordering to ordinal
Possible breaking changes
The change to the object serializer field ordering might cause a deserialization failure of persisted objects
that are serialized using the Hyperion serializer.
Please report any serialization problem that occurs after an upgrade to this version at the
issue tracker
0.10.2 June 30 2021
0.10.1 April 20 2021
Changes:
- 10a8b03 0.11.2 Release
- ca89f72 Update RELEASE_NOTES.md for 0.11.2 release (#267)
- b83c5bf Add custom AggregateException serializer. (#266)
- 41ceaaa Fix preserved reference surrogate in collection deserialization bug (#264)
- fe66397 Bump ApprovalTests from 5.7.0 to 5.7.1 (#262)
- d2d7c81 Bump FSharp.Core from 5.0.2 to 6.0.0 (#260)
- ca0d25c Bump AkkaVersion from 1.4.24 to 1.4.26 (#261)
- 974868a Bump FluentAssertions from 6.0.0 to 6.1.0 (#258)
- 5a3415a Bump AkkaVersion from 1.4.23 to 1.4.24 (#257)
This list of changes was auto generated.
Hyperion v0.11.1
0.11.1 August 17 2021
We've added a deserialization safety check to block dangerous types from being deserialized.
This is done to add a layer of security from possible code injection and code execution attack.
Currently it is an all or nothing feature that can be turned on and off by using the new DisallowUnsafeTypes
flag inside SerializerOptions
(defaults to true).
The unsafe types that are currently blocked are:
- System.Security.Claims.ClaimsIdentity
- System.Windows.Forms.AxHost.State
- System.Windows.Data.ObjectDataProvider
- System.Management.Automation.PSObject
- System.Web.Security.RolePrincipal
- System.IdentityModel.Tokens.SessionSecurityToken
- SessionViewStateHistoryItem
- TextFormattingRunProperties
- ToolboxItemContainer
- System.Security.Principal.WindowsClaimsIdentity
- System.Security.Principal.WindowsIdentity
- System.Security.Principal.WindowsPrincipal
- System.CodeDom.Compiler.TempFileCollection
- System.IO.FileSystemInfo
- System.Activities.Presentation.WorkflowDesigner
- System.Windows.ResourceDictionary
- System.Windows.Forms.BindingSource
- Microsoft.Exchange.Management.SystemManager.WinForms.ExchangeSettingsProvider
- System.Diagnostics.Process
- System.Management.IWbemClassObjectFreeThreaded
Changes:
- 728edc8 Version 0.11.1 Release
- 63cb41e Merge branch 'dev'
- e3b1a3d Update release notes for 0.11.1 release (#255)
- 5284534 Cleanup type blacklist PR (#254)
- 03d7826 close #251 - add Linux CI (#252)
- a7fc161 standardize Hyperion runtimes through
common.props
(#253) - 3c3cc04 Add deserialization type denylist (#242) [ #69, #70 ]
- f9fc857 updated benchmarks to run on modern .NET platforms (#250)
- 2d023dc Bump Microsoft.NET.Test.Sdk from 16.10.0 to 16.11.0 (#249)
- 2ebd5c2 Bump FluentAssertions from 5.10.3 to 6.0.0 (#248)
Hyperion v0.11.0
0.11.0 July 8 2021
- Fix array of user defined structs serialization failure
- Remove dynamic keyword usage from array serializer
- Change field ordering to ordinal
Possible breaking changes
The change to the object serializer field ordering might cause a deserialization failure of persisted objects
that are serialized using the Hyperion serializer.
Please report any serialization problem that occurs after an upgrade to this version at the
issue tracker
0.10.2 June 30 2021
0.10.1 April 20 2021
Changes:
- 1f40195 Version 0.11.0 Release
- cbe964e Merge branch 'dev'
- 6263f66 Update RELEASE_NOTES.md for 0.11.0 release (#237)
- f652d7c Merge pull request #139 from humhei/dynamic
- e46f7f6 Merge branch 'dev' into dynamic
- 77770e4 Order type fields by oridnal to keep the same order on multiple platforms. (#236)
- 97baf14 Fix array of user defined structs serialization failure (#235)
- d0a22fc Merge branch 'dev' into dynamic
- 7f3f2fb Remove dynamic keyword
This list of changes was auto generated.
Hyperion v0.10.2
0.10.2 June 30 2021
0.10.1 April 20 2021
Changes:
- 071c880 Version 0.10.2 release
- 1c7a6d2 Merge branch 'dev'
- 6f23f0a Merge pull request #230 from Arkatufus/Update_RELEASE_NOTES_for_0.10.2
- bafee27 Update RELEASE_NOTES.md for 0.10.2 release
- 26f84af Add exception handling for exception logging (#229)
- b351032 Bump FSharp.Core from 5.0.1 to 5.0.2 (#228)
- 8dce55a Bump ApprovalTests from 5.4.7 to 5.5.0 (#223)
- e430328 Bump AkkaVersion from 1.4.20 to 1.4.21 (#227)
- ef331c7 Bump Microsoft.NET.Test.Sdk from 16.9.4 to 16.10.0 (#222)
- d6e2097 Bump BenchmarkDotNet from 0.12.1 to 0.13.0 (#221)
See More
- 738caa8 Merge pull request #220 from akkadotnet/dependabot/nuget/AkkaVersion-1.4.20
- fa82ee5 Bump AkkaVersion from 1.4.19 to 1.4.20
- 31c9b15 Merge pull request #218 from akkadotnet/dependabot/nuget/AkkaVersion-1.4.19
- ad9d8ed Merge branch 'dev' into dependabot/nuget/AkkaVersion-1.4.19
- b861d07 Merge pull request #219 from akkadotnet/dependabot/add-v2-config-file
- 3d5a4b3 Upgrade to GitHub-native Dependabot
- 2675838 Bump AkkaVersion from 1.4.18 to 1.4.19
- bad2cc2 Bump coverlet.collector from 1.3.0 to 3.0.3 (#217)
This list of changes was auto generated.
Hyperion v0.10.1
Hyperion v0.10.0
0.10.0 April 13 2021
Cross platform serialization
You can now address any cross platform package serialization differences by providing a list of package name transformation lambda function into the SerializerOptions
constructor. The package name will be passed into the lambda function before it is deserialized, and the result of the string transformation is used for deserialization instead of the original package name.
This short example shows how to address the change from System.Drawing
in .NET Framework to System.Drawing.Primitives
in .NET Core:
Serializer serializer;
#if NETFX
serializer = new Serializer(new SerializerOptions(
packageNameOverrides: new List<Func<string, string>> {
str => str.Contains("System.Drawing.Primitives") ? str.Replace(".Primitives", "") : str
}));
#elif NETCOREAPP
serializer = new Serializer();
#endif
Note that only one package name transformation is allowed, any transform lambda function after the first applied transformation is ignored.
Changes:
- 7b6f992 Merge pull request #211 from akkadotnet/dev
- e620a15 Merge pull request #210 from Arkatufus/Update_RELEASE_NOTES.md_for_1.10.0_release
- 8ec06db Merge branch 'Update_RELEASE_NOTES.md_for_1.10.0_release' of github.com:Arkatufus/Hyperion into Update_RELEASE_NOTES.md_for_1.10.0_release
- 173dba8 Fix markdown title problem with Fake version number helper
- 4629324 Merge branch 'dev' into Update_RELEASE_NOTES.md_for_1.10.0_release
- 32a8b0b Update RELEASE_NOTES.md
- 37209fe Bump Microsoft.NET.Test.Sdk from 16.9.1 to 16.9.4 (#209)
- 477b5f3 Fix cross framework incompatibility for System.Drawing.Color (#208) [ #206 ]
- bd3a432 fix release Pipeline
This list of changes was auto generated.
Hyperion v0.9.17
0.9.17 March 25 2021
- Bump Microsoft.NET.Test.Sdk from 16.6.1 to 16.7.1
- Fix unit test problem
- Bump FSharp.Core from 4.7.2 to 5.0.0
- Fix issue #40 regarding partial streams
- Fix Hyperion not using known serializers when defined
- Bump Microsoft.NET.Test.Sdk from 16.7.1 to 16.8.3
- Bump System.Collections.Immutable from 1.7.1 to 5.0.0
- Bump FSharp.Core from 5.0.0 to 5.0.1
- Update the cross framework spec to include complex POCO object, Type serialization, and support for netcoreapp3.1 and net5.0
Changes:
- 255948e Merge pull request #207 from akkadotnet/dev
- 2010353 Update RELEASE_NOTES.md, preparing for 0.9.17 release (#205)
- 3443a44 Merge pull request #204 from Arkatufus/update_cross_framework_test
- 4bc1c7a update build system
- 6b9543d Add FriendType comparison in Equal()
- 4b47778 Update build system to support .NET 3.1 and 5.0
- 4605dd3 Update the cross framework spec to include complex POCO object, Type serialization, and support for netcoreapp3.1 and net5.0
- ada4198 Bump Microsoft.NET.Test.Sdk from 16.8.3 to 16.9.1 (#203)
- 0387247 Bump FSharp.Core from 5.0.0 to 5.0.1 (#202)
- 3d9e766 Bump System.Collections.Immutable from 1.7.1 to 5.0.0 (#195)
See More
- 6127ffa Bump Microsoft.NET.Test.Sdk from 16.7.1 to 16.8.3 (#196)
- bc41932 Merge pull request #184 from jogibear9988/dev
- 5c0dc6f Merge branch 'dev' into dev
- bd9ca13 Merge pull request #1 from Arkatufus/jogibear-dev
- 81ff792 Merge pull request #185 from Ralf1108/dev [ #40 ]
- e31c339 throw EndOfStreamException if stream doesn't return enough bytes
- 110f91f Remove modifications that could not be reached/touched by the unit test
- d13f8dd Add a more aggresive unit test
- 9c725c0 Create Test for Issue #183
- 228f1f1 Merge branch 'dev' into dev
- a28fbde Merge branch 'dev' into dev
- 4f16c3e Bump FSharp.Core from 4.7.2 to 5.0.0 (#189)
- 360b051 Merge branch 'dev' into dev
- 82d58d1 Merge branch 'dev' into dev
- 82eb0f3 Fix unit test problem (#191)
- dcc036f fixed issue #40 regarding partial streams
- f25ef13 Merge branch 'dev' into dev
- e214023 Bump Microsoft.NET.Test.Sdk from 16.6.1 to 16.7.1 (#182)
- 6bafc4c bugfix not using know serializers when defined
This list of changes was auto generated.